Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)

Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes Date: 2018-08-30 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara...

Linux/ARM - execve("/bin/sh", ["/bin/sh"], NULL) Shellcode (32 Bytes)

/ Title: Linux/ARM - execve"/bin/sh", "/bin/sh", NULL Shellcode 32 Bytes Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.52-v7+ 1123 SMP Wed Jun 27 17:35:49 BST 2018 armv7l GNU/Linux pi@raspberrypi: $ lsbrelease -a No LSB modules are...

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)

/ Title: Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes Author: Antonio execve/bin/sh shellcode for MIPS64 tested on MIPS Malta - Linux debian-mips64el 4.9.0-3-5kc-malta 48 bytes gcc -fno-stack-protector -z execstack main.c -o main -g adp, SLAE - 1326, 2018. / include include / .text .global sta...

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)

Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes. Shellcode exploit for LinuxMIPS platform / Title: Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes Date: 2018-08-10 Author: Antonio execve/bin/sh shellcode for MIPS64 tested on MIPS Malta - Linux debian-mips64el 4.9.0-3-5kc-malta 48 bytes gcc...

CuteFTP 5.0 - Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: CuteFTP 5.0 - Buffer Overflow Author: Matteo Malvica Vendor homepage: www.globalscape.com Software: CuteFTP 5.0.4 XP - build 54.8.6.1 Software Link: http://installer.globalscape.com/pub/cuteftp/archive/english/cuteftp50.exe...

Buffer overflow

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A...

PyCryptodome Integer Overflow Vulnerability

PyCryptodome is a cryptographic package for Python consisting of low-level cryptographic primitives. An integer overflow vulnerability exists in the datalen variable of the AESNI.c file in PyCryptodome versions prior to 3.6.6. An attacker can exploit this vulnerability with the help of messages...

Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)

Linux/x64 - Add Root User toor/toor Shellcode 99 bytes. Shellcode exploit for Linuxx86-64 platform ; Title: add root user toor:toor ; Date: 20180811 ; Author: epi ; https://epi052.gitlab.io/notes-to-self/ ; Tested on: linux/x8664 SMP CentOS-7 3.10.0-862.2.3.el7.x8664 GNU/Linux ; ; Shellcode Lengt...

reSIProcate 'ConnectionBase::prepareNewBytes' function heap overflow vulnerability

reSIProcate is a C++ implementation of protocols such as SIP Session Initiation Protocol, ICE P2P Communication Protocol and TURN Profile Transfer Protocol. A security vulnerability exists in the 'ConnectionBase::prepareNewBytes' function in the resip/stack/ConnectionBase.cxx file in reSIProcate...

Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)

Linux/x86 - Reverse TCP ::FFFF:192.168.1.5:4444/TCP Shell /bin/sh + Null-Free + IPv6 Shellcode 86 bytes. Shellcode exploit for Linuxx86 platform Title: Linux/x86 - Reverse TCP shell IPv6 + Null Free Shellcode Author: Kartik Durg Shellcode Length: 86 BYTES Student-ID: SLAE-1233 Note...

Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 (86 bytes)

Title: Linux/x86 - Reverse TCP shell IPv6 + Null Free Shellcode Author: Kartik Durg Shellcode Length: 86 BYTES Student-ID: SLAE-1233 Note https://iamroot.blog/2018/07/29/0x2-shellreversetcpipv6-linux-x86/ Description: Connect-back to IPV6 socket listening on IP ::FFFF:192.168.1.5 and port 4444. /...

CVE-2017-16346

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the smac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, sending anything longer will cause a buffer...

Buffer overflow

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the sport key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer...

Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)

/ Title: Linux/ARM - IPv6 ::1 4444/TCP Reverse Shellcode 116 Bytes Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.34-v7+ 1110 SMP Mon Apr 16 15:18:51 BST 2018 armv7l GNU/Linux pi@raspberrypi: $ lsbrelease -a No LSB modules are...

Bento4 Buffer Overflow Vulnerability (CNVD-2018-14698)

Bento4 is an open source C++ library for reading and writing MP4 files. A heap buffer overflow vulnerability exists in AP4BytesToUInt16BE in the Core/Ap4Utils.h file in Bento4 version 1.5.1-624. An attacker can exploit this vulnerability to cause a heap buffer out-of-bounds read...

Linux/x64 - Reverse (::1:1337/TCP) + IPv6 + Password (pwnd) Shellcode (115 bytes)

Linux/x64 - Reverse ::1:1337/TCP + IPv6 + Password pwnd Shellcode 115 bytes. Shellcode exploit for Linuxx86-64 platform / ; Title : Reverse Shell IPv6 with Password - Shellcode ; Author : Hashim Jawad @ihack4falafel ; OS : Linux kali 4.15.0-kali2-amd64 1 SMP Debian 4.15.11-1kali1 2018-03-21 x8664...

UBUNTU-CVE-2018-12584

The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service buffer overflow or possibly execute arbitrary code when TLS communication is enabled...

PYSEC-2018-90

The mpatchdecode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001...

CVE-2018-13348

The mpatchdecode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001...

UBUNTU-CVE-2018-13348

The mpatchdecode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001...